Security Compliance Senior Analyst

Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the SOC2 attestation portfolio specifically. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction. This individual will assist in ensuring compliance with SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.

ESSENTIAL FUNCTIONS

Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.

Ability to adapt in a dynamic work environment, learn quickly, solve problems, and make decisions with minimal supervision.

Excellent verbal and written communication and presentation skills.

Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.

Ability to develop process documentation.

Experience working with 'Agile' framework for project management is a plus

ABOUT THE DEPARTMENT

Do you enjoy the challenge of defending against security breaches? Put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged with maintaining a secure infrastructure day in and day out, while delivering an enterprise computing environment that resists breaches and disruptions. If you're as passionate about data security as we are, explore our opportunities.

ABOUT EXPRESS SCRIPTS

At Express Scripts, we dare to imagine a better health care system, and we're driven to make it happen. Where some see obstacles, we see possibilities. We're challengers, difference-makers and opportunity-seekers, united with our partners in pursuit of a simpler, more sustainable system and better health for all.

We have always acted first to take on the toughest challenges. We uniquely partner across the health care ecosystem to uncover opportunities, take action, advance health care and deliver better outcomes like no one else can. We believe health care can do more. We are Champions For BetterSM.

Express Scripts, part of Cigna Corporation, unlocks new value in pharmacy, medical and beyond to further total health for all.


Similar Jobs

4/25/2019 12:00:00 AM 2019-07-24T00:00
POSITION SUMMARY
Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the SOC2 attestation portfolio specifically. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction. This individual will assist in ensuring compliance with SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.
ESSENTIAL FUNCTIONS
* Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.
* Perform control alignment validation
* Facilitate the identification of control gaps, ensuring sufficient remediation plans and tracking to timely resolution
* Provide information for status reports and support stakeholder
* Facilitate system and control understanding walkthrough meetings
* Update and maintain system and process narratives
* Support GRC tool implementation and workflows.
QUALIFICATIONS
* Bachelor's degree in related field or 9 years of relevant experience.
* 3 years relevant experience with Bachelor's Degree or Master's degree and 1 year of relevant experience
* 2-5 years of experience in auditing or IT consulting
* Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
* Experience with other compliance frameworks such as SOX, SOC1, PCI, NIST, HIPAA preferred to supplement SOC2.
* Ability to collaborate with control and technology owners to design and implement controls/processes that appropriately mitigate compliance risk.
* Microsoft Office and ability to adapt to ESI proprietary systems.
* Information technology risk management experience and proven ability to meet deadlines.
* Understanding of information risk management concepts.
* Ability to adapt in a dynamic work environment, learn quickly, solve problems, and make decisions with minimal supervision.
* Excellent verbal and written communication and presentation skills.
* Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
* Ability to develop process documentation.
* Experience working with 'Agile' framework for project management is a plus
Accredo Health, Saint Louis, MO

5/23/2019 12:00:00 AM 2019-08-21T00:00
About The Position
The Controls Surveillance & Compliance Analyst II position is within the Cybersecurity Governance, Risk, and Compliance team at Ameren's GOB. We are seeking an established IT audit or controls professional for this position. A successful candidate will build, develop, and maintain relationships with various stakeholders to design surveillance solutions for Ameren across the various segments. It is also imperative this role anticipates methods and processes employed by both internal and external auditors/regulators to effectively perform assessments across our compliance programs and projects.
Key responsibilities include:
* Develop surveillance processes and procedures to expediently monitor controls across enterprise-wide compliance programs such as SOX, NERC CIP (Critical Infrastructure Protection), Cybersecurity (CSF), HIPAA, and PCI.
* Assist in monitoring and surveilling activities across the enterprise-wide compliance programs and the respective policies and procedures to promote integrity across our compliance programs.
* Aggregate observations, deviations, and exceptions identified through monitoring and surveilling efforts to manage an effective corrective action process that seeks to remediate non-compliance within the period of occurrence.
* Assist in tracking and updating key metrics that indicate the current health of controls and overall compliance programs.
* Assist Digital/IT and Business stakeholders with assessing the sufficiency, relevance, and reliability of their control documentation and control design as part of the various compliance programs described above.
* Perform assurance assessments on various IT development and agile projects to ensure design-side controls are considered and implemented prior to go-live by working with various Digital and Business stakeholders.
* Act as an advisor in implementing leading practices for areas related to the compliance programs described above, which also includes providing guidance to various stakeholders on enhancing manual and error-prone activities through automation.
* Assist with the analysis, development, and implementation of processes, procedures, and tools to digitally enable (scripts, RPA, analytics, and Governance, Risk, and Compliance (GRC) solutions) and automate manual control assessments and surveillance activities to obtain real-time results over the effectiveness of compliance programs.
* Participate in the development of IT vendor risk classification criteria and requirements.
* Participate in the periodic recertification of vendor/third party deliverables (e.g., SOC I, II, and/or III reports)
* Must be able to establish and maintain business relationships with individual contributors as well as management.
Qualifications
* Bachelor's Degree required, preferably majoring in Accounting, Computer Science, Management Information Systems, Engineering, Mathematics or equivalent computer or applicable business related major.
* Three or more years of experience working in a Public Accounting, Advisory, Internal Audit or Cybersecurity role is required, specializing in controls.
* One or more years of Information Security experience and experience designing and implementing or auditing controls preferred.
* Professional certification preferred (e.g. CPA, CISA, CISSP).
In addition to the above qualifications, the successful candidate will demonstrate:
* Ability to communicate clearly, effectively, persuasively and credibly with internal management and external senior level oversight entities.
* Effective organizational and prioritization skills.
* Knowledge of platforms and operating systems (Windows, UNIX, Linux, Mainframe, Databases, and Data warehouses).
* Knowledge of the NIST Cybersecurity Framework.
* Understand leading practices around system development methodologies and controls for agile, hybrid, and waterfall deployments.
Additional Information
Ameren's selection process includes a series of interviews and may include a leadership assessment process. Specific details will be provided to qualified candidates.
Ameren, Saint Louis, MO

5/19/2019 12:00:00 AM 2019-08-17T00:00
POSITION SUMMARY
Working within the Information Risk Management department, the Security Compliance Manager will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the technology attestation portfolio. This individual will be key in influencing and motivating key stakeholders across the organization to establish the technology reporting framework and compliance. This individual will provide direction in control mapping, control gap identification, gap remediation and mitigation. This individual will have a strong understanding of the SSAE 18 AICPA reporting standards and an understanding of compliance frameworks supported such as SOC1, SOC2 (Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles), NIST, HITRUST, HIPAA and GDPR.
ESSENTIAL FUNCTIONS
* Facilitate the implementation of the risk assessment and monitoring framework for maintaining controls over competitively sensitive client information.
* Lead staff by reviewing and providing guidance in the development and maintenance of scoping documentation including system understanding, process flows, and system infrastructure diagrams.
* Ensure control alignment and validation for systems in scope of regulatory and client audits.
* Provide guidance and best practices for remediating and mitigating control gaps, ensuring sufficient remediation plans and tracking to timely resolution
* Inform senior management timely of key program updates, milestones, and barriers for program implementation.
* Review and validate system and process narratives
* Support GRC tool implementation and workflows.
QUALIFICATIONS
* Bachelor's degree in related field or equivalent work experience.
* Five to eight years' experience, Public Accounting experience preferred
* Experience with SOC2 audits over Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
* Experience with HITRUST, NIST, HIPAA and GDPR engagements preferred to supplement SOC2.
* Experience implementing compliance control frameworks.
* Technology proficient in communicating and understanding implementation risks with system owners and stakeholders.
* Ability to effectively communicate and influence senior leadership across various departments within the organization.
* Excellent verbal and written communication and presentation skills.
* Microsoft Office and ability to adapt to ESI proprietary systems.
* Information technology risk management experience and proven ability to meet deadlines.
* Understanding of information risk management concepts.
* Experience leading team members, directing staff priorities and completing reviews to ensure quality work products.
* Ability to adapt in a dynamic work environment, learn quickly, solve problems and make decisions with minimal supervision.
* Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
* Experience working with 'Agile' framework for project management is a plus.
ABOUT THE DEPARTMENT
Do you enjoy the challenge of understanding various technologies and deploying sound control and compliance frameworks? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our security defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you're as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
Accredo Health, Saint Louis, MO
